Exemplo n.º 1
0
 /**
  * Save passed profile
  *
  * Stores the OMB profile $profile. Overwrites an existing entry.
  * Throws exceptions in case of error.
  *
  * @param OMB_Profile $profile   The OMB profile which should be saved
  *
  * @access public
  **/
 public function saveProfile($omb_profile)
 {
     if (common_profile_url($omb_profile->getNickname()) == $omb_profile->getProfileURL()) {
         throw new Exception('Not implemented');
     } else {
         $remote = Remote_profile::staticGet('uri', $omb_profile->getIdentifierURI());
         if ($remote) {
             $exists = true;
             $profile = Profile::staticGet($remote->id);
             $orig_remote = clone $remote;
             $orig_profile = clone $profile;
             // XXX: compare current postNotice and updateProfile URLs to the ones
             // stored in the DB to avoid (possibly...) above attack
         } else {
             $exists = false;
             $remote = new Remote_profile();
             $remote->uri = $omb_profile->getIdentifierURI();
             $profile = new Profile();
         }
         $profile->nickname = $omb_profile->getNickname();
         $profile->profileurl = $omb_profile->getProfileURL();
         $fullname = $omb_profile->getFullname();
         $profile->fullname = is_null($fullname) ? '' : $fullname;
         $homepage = $omb_profile->getHomepage();
         $profile->homepage = is_null($homepage) ? '' : $homepage;
         $bio = $omb_profile->getBio();
         $profile->bio = is_null($bio) ? '' : $bio;
         $location = $omb_profile->getLocation();
         $profile->location = is_null($location) ? '' : $location;
         if ($exists) {
             $profile->update($orig_profile);
         } else {
             $profile->created = DB_DataObject_Cast::dateTime();
             # current time
             $id = $profile->insert();
             if (!$id) {
                 // TRANS: Exception thrown when creating a new profile fails in OAuth store.
                 throw new Exception(_('Error inserting new profile.'));
             }
             $remote->id = $id;
         }
         $avatar_url = $omb_profile->getAvatarURL();
         if ($avatar_url) {
             if (!$this->add_avatar($profile, $avatar_url)) {
                 // TRANS: Exception thrown when creating a new avatar fails in OAuth store.
                 throw new Exception(_('Error inserting avatar.'));
             }
         } else {
             $avatar = $profile->getOriginalAvatar();
             if ($avatar) {
                 $avatar->delete();
             }
             $avatar = $profile->getAvatar(AVATAR_PROFILE_SIZE);
             if ($avatar) {
                 $avatar->delete();
             }
             $avatar = $profile->getAvatar(AVATAR_STREAM_SIZE);
             if ($avatar) {
                 $avatar->delete();
             }
             $avatar = $profile->getAvatar(AVATAR_MINI_SIZE);
             if ($avatar) {
                 $avatar->delete();
             }
         }
         if ($exists) {
             if (!$remote->update($orig_remote)) {
                 // TRANS: Exception thrown when updating a remote profile fails in OAuth store.
                 throw new Exception(_('Error updating remote profile.'));
             }
         } else {
             $remote->created = DB_DataObject_Cast::dateTime();
             # current time
             if (!$remote->insert()) {
                 // TRANS: Exception thrown when creating a remote profile fails in OAuth store.
                 throw new Exception(_('Error inserting remote profile.'));
             }
         }
     }
 }
Exemplo n.º 2
0
 function ensureProfile($user)
 {
     // check to see if there's already a profile for this user
     $profileurl = 'http://twitter.com/' . $user->screen_name;
     $profile = $this->getProfileByUrl($user->screen_name, $profileurl);
     if (!empty($profile)) {
         common_debug($this->name() . " - Profile for {$profile->nickname} found.");
         // Check to see if the user's Avatar has changed
         $this->checkAvatar($user, $profile);
         return $profile;
     } else {
         common_debug($this->name() . ' - Adding profile and remote profile ' . "for Twitter user: {$profileurl}.");
         $profile = new Profile();
         $profile->query("BEGIN");
         $profile->nickname = $user->screen_name;
         $profile->fullname = $user->name;
         $profile->homepage = $user->url;
         $profile->bio = $user->description;
         $profile->location = $user->location;
         $profile->profileurl = $profileurl;
         $profile->created = common_sql_now();
         try {
             $id = $profile->insert();
         } catch (Exception $e) {
             common_log(LOG_WARNING, $this->name() . ' Couldn\'t insert profile - ' . $e->getMessage());
         }
         if (empty($id)) {
             common_log_db_error($profile, 'INSERT', __FILE__);
             $profile->query("ROLLBACK");
             return false;
         }
         // check for remote profile
         $remote_pro = Remote_profile::staticGet('uri', $profileurl);
         if (empty($remote_pro)) {
             $remote_pro = new Remote_profile();
             $remote_pro->id = $id;
             $remote_pro->uri = $profileurl;
             $remote_pro->created = common_sql_now();
             try {
                 $rid = $remote_pro->insert();
             } catch (Exception $e) {
                 common_log(LOG_WARNING, $this->name() . ' Couldn\'t save remote profile - ' . $e->getMessage());
             }
             if (empty($rid)) {
                 common_log_db_error($profile, 'INSERT', __FILE__);
                 $profile->query("ROLLBACK");
                 return false;
             }
         }
         $profile->query("COMMIT");
         $this->saveAvatars($user, $id);
         return $profile;
     }
 }
Exemplo n.º 3
0
 function ensureProfile($user)
 {
     // check to see if there's already a profile for this user
     $profileurl = 'http://twitter.com/' . $user->screen_name;
     $profile = Profile::staticGet('profileurl', $profileurl);
     if ($profile) {
         if (defined('SCRIPT_DEBUG')) {
             common_debug("Profile for {$profile->nickname} found.");
         }
         // Check to see if the user's Avatar has changed
         $this->checkAvatar($user, $profile);
         return $profile->id;
     } else {
         if (defined('SCRIPT_DEBUG')) {
             common_debug('Adding profile and remote profile ' . "for Twitter user: {$profileurl}");
         }
         $profile = new Profile();
         $profile->query("BEGIN");
         $profile->nickname = $user->screen_name;
         $profile->fullname = $user->name;
         $profile->homepage = $user->url;
         $profile->bio = $user->description;
         $profile->location = $user->location;
         $profile->profileurl = $profileurl;
         $profile->created = common_sql_now();
         $id = $profile->insert();
         if (empty($id)) {
             common_log_db_error($profile, 'INSERT', __FILE__);
             $profile->query("ROLLBACK");
             return false;
         }
         // check for remote profile
         $remote_pro = Remote_profile::staticGet('uri', $profileurl);
         if (!$remote_pro) {
             $remote_pro = new Remote_profile();
             $remote_pro->id = $id;
             $remote_pro->uri = $profileurl;
             $remote_pro->created = common_sql_now();
             $rid = $remote_pro->insert();
             if (empty($rid)) {
                 common_log_db_error($profile, 'INSERT', __FILE__);
                 $profile->query("ROLLBACK");
                 return false;
             }
         }
         $profile->query("COMMIT");
         $this->saveAvatars($user, $id);
         return $id;
     }
 }
Exemplo n.º 4
0
 function handle($args)
 {
     parent::handle($args);
     if (common_logged_in()) {
         $this->clientError(_('You can use the local subscription!'));
         return;
     }
     $omb = $_SESSION['oauth_authorization_request'];
     if (!$omb) {
         $this->clientError(_('Not expecting this response!'));
         return;
     }
     common_debug('stored request: ' . print_r($omb, true), __FILE__);
     common_remove_magic_from_request();
     $req = OAuthRequest::from_request();
     $token = $req->get_parameter('oauth_token');
     # I think this is the success metric
     if ($token != $omb['token']) {
         $this->clientError(_('Not authorized.'));
         return;
     }
     $version = $req->get_parameter('omb_version');
     if ($version != OMB_VERSION_01) {
         $this->clientError(_('Unknown version of OMB protocol.'));
         return;
     }
     $nickname = $req->get_parameter('omb_listener_nickname');
     if (!$nickname) {
         $this->clientError(_('No nickname provided by remote server.'));
         return;
     }
     $profile_url = $req->get_parameter('omb_listener_profile');
     if (!$profile_url) {
         $this->clientError(_('No profile URL returned by server.'));
         return;
     }
     if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) {
         $this->clientError(_('Invalid profile URL returned by server.'));
         return;
     }
     if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) {
         $this->clientError(_('You can use the local subscription!'));
         return;
     }
     common_debug('listenee: "' . $omb['listenee'] . '"', __FILE__);
     $user = User::staticGet('nickname', $omb['listenee']);
     if (!$user) {
         $this->clientError(_('User being listened to doesn\'t exist.'));
         return;
     }
     $other = User::staticGet('uri', $omb['listener']);
     if ($other) {
         $this->clientError(_('You can use the local subscription!'));
         return;
     }
     $fullname = $req->get_parameter('omb_listener_fullname');
     $homepage = $req->get_parameter('omb_listener_homepage');
     $bio = $req->get_parameter('omb_listener_bio');
     $location = $req->get_parameter('omb_listener_location');
     $avatar_url = $req->get_parameter('omb_listener_avatar');
     list($newtok, $newsecret) = $this->access_token($omb);
     if (!$newtok || !$newsecret) {
         $this->clientError(_('Couldn\'t convert request tokens to access tokens.'));
         return;
     }
     # XXX: possible attack point; subscribe and return someone else's profile URI
     $remote = Remote_profile::staticGet('uri', $omb['listener']);
     if ($remote) {
         $exists = true;
         $profile = Profile::staticGet($remote->id);
         $orig_remote = clone $remote;
         $orig_profile = clone $profile;
         # XXX: compare current postNotice and updateProfile URLs to the ones
         # stored in the DB to avoid (possibly...) above attack
     } else {
         $exists = false;
         $remote = new Remote_profile();
         $remote->uri = $omb['listener'];
         $profile = new Profile();
     }
     $profile->nickname = $nickname;
     $profile->profileurl = $profile_url;
     if (!is_null($fullname)) {
         $profile->fullname = $fullname;
     }
     if (!is_null($homepage)) {
         $profile->homepage = $homepage;
     }
     if (!is_null($bio)) {
         $profile->bio = $bio;
     }
     if (!is_null($location)) {
         $profile->location = $location;
     }
     if ($exists) {
         $profile->update($orig_profile);
     } else {
         $profile->created = DB_DataObject_Cast::dateTime();
         # current time
         $id = $profile->insert();
         if (!$id) {
             $this->serverError(_('Error inserting new profile'));
             return;
         }
         $remote->id = $id;
     }
     if ($avatar_url) {
         if (!$this->add_avatar($profile, $avatar_url)) {
             $this->serverError(_('Error inserting avatar'));
             return;
         }
     }
     $remote->postnoticeurl = $omb['post_notice_url'];
     $remote->updateprofileurl = $omb['update_profile_url'];
     if ($exists) {
         if (!$remote->update($orig_remote)) {
             $this->serverError(_('Error updating remote profile'));
             return;
         }
     } else {
         $remote->created = DB_DataObject_Cast::dateTime();
         # current time
         if (!$remote->insert()) {
             $this->serverError(_('Error inserting remote profile'));
             return;
         }
     }
     if ($user->hasBlocked($profile)) {
         $this->clientError(_('That user has blocked you from subscribing.'));
         return;
     }
     $sub = new Subscription();
     $sub->subscriber = $remote->id;
     $sub->subscribed = $user->id;
     $sub_exists = false;
     if ($sub->find(true)) {
         $sub_exists = true;
         $orig_sub = clone $sub;
     } else {
         $sub_exists = false;
         $sub->created = DB_DataObject_Cast::dateTime();
         # current time
     }
     $sub->token = $newtok;
     $sub->secret = $newsecret;
     if ($sub_exists) {
         $result = $sub->update($orig_sub);
     } else {
         $result = $sub->insert();
     }
     if (!$result) {
         common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__);
         $this->clientError(_('Couldn\'t insert new subscription.'));
         return;
     }
     # Notify user, if necessary
     mail_subscribe_notify_profile($user, $profile);
     # Clear the data
     unset($_SESSION['oauth_authorization_request']);
     # If we show subscriptions in reverse chron order, this should
     # show up close to the top of the page
     common_redirect(common_local_url('subscribers', array('nickname' => $user->nickname)));
 }
Exemplo n.º 5
0
 function saveRemoteProfile(&$req)
 {
     # FIXME: we should really do this when the consumer comes
     # back for an access token. If they never do, we've got stuff in a
     # weird state.
     $nickname = $req->get_parameter('omb_listenee_nickname');
     $fullname = $req->get_parameter('omb_listenee_fullname');
     $profile_url = $req->get_parameter('omb_listenee_profile');
     $homepage = $req->get_parameter('omb_listenee_homepage');
     $bio = $req->get_parameter('omb_listenee_bio');
     $location = $req->get_parameter('omb_listenee_location');
     $avatar_url = $req->get_parameter('omb_listenee_avatar');
     $listenee = $req->get_parameter('omb_listenee');
     $remote = Remote_profile::staticGet('uri', $listenee);
     if ($remote) {
         $exists = true;
         $profile = Profile::staticGet($remote->id);
         $orig_remote = clone $remote;
         $orig_profile = clone $profile;
     } else {
         $exists = false;
         $remote = new Remote_profile();
         $remote->uri = $listenee;
         $profile = new Profile();
     }
     $profile->nickname = $nickname;
     $profile->profileurl = $profile_url;
     if (!is_null($fullname)) {
         $profile->fullname = $fullname;
     }
     if (!is_null($homepage)) {
         $profile->homepage = $homepage;
     }
     if (!is_null($bio)) {
         $profile->bio = $bio;
     }
     if (!is_null($location)) {
         $profile->location = $location;
     }
     if ($exists) {
         $profile->update($orig_profile);
     } else {
         $profile->created = DB_DataObject_Cast::dateTime();
         # current time
         $id = $profile->insert();
         if (!$id) {
             return false;
         }
         $remote->id = $id;
     }
     if ($exists) {
         if (!$remote->update($orig_remote)) {
             return false;
         }
     } else {
         $remote->created = DB_DataObject_Cast::dateTime();
         # current time
         if (!$remote->insert()) {
             return false;
         }
     }
     if ($avatar_url) {
         if (!$this->addAvatar($profile, $avatar_url)) {
             return false;
         }
     }
     $user = common_current_user();
     $datastore = omb_oauth_datastore();
     $consumer = $this->getConsumer($datastore, $req);
     $token = $this->getToken($datastore, $req, $consumer);
     $sub = new Subscription();
     $sub->subscriber = $user->id;
     $sub->subscribed = $remote->id;
     $sub->token = $token->key;
     # NOTE: request token, not valid for use!
     $sub->created = DB_DataObject_Cast::dateTime();
     # current time
     if (!$sub->insert()) {
         return false;
     }
     return true;
 }